{{- define "speaker_resources" }}
cpu: 10m
memory: 30Mi
{{- end }}

{{- if ($.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: speaker
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "speaker")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: DaemonSet
    name: speaker
  updatePolicy:
    updateMode: "Initial"
  resourcePolicy:
    containerPolicies:
    - containerName: speaker
      minAllowed:
        {{- include "speaker_resources" . | nindent 8 }}
      maxAllowed:
        cpu: 20m
        memory: 60Mi
    {{- include "helm_lib_vpa_kube_rbac_proxy_resources" . | nindent 4 }}
{{- end }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: speaker
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "speaker")) | nindent 2 }}
spec:
  selector:
    matchLabels:
      app: speaker
  template:
    metadata:
      labels:
        app: speaker
    spec:
      {{- include "helm_lib_priority_class" (tuple . "system-node-critical") | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_root" . | nindent 6 }}
      nodeSelector:
        {{- .Values.metallb.speaker.nodeSelector | toYaml | nindent 8 }}
      {{- include "helm_lib_tolerations" (tuple . "custom" "with-storage-problems") | nindent 6 }}

{{- if .Values.metallb.speaker.tolerations }}
        {{- .Values.metallb.speaker.tolerations | toYaml | nindent 6 }}
{{- end }}
      imagePullSecrets:
        - name: deckhouse-registry
      containers:
        - args:
            - --host=127.0.0.1
            - --port=7472
          env:
            - name: METALLB_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: METALLB_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: METALLB_ML_BIND_ADDR
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: METALLB_ML_LABELS
              value: app=speaker
            - name: METALLB_ML_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  key: secretkey
                  name: memberlist
          image: {{ include "helm_lib_module_image" (list $ "speaker") }}
          imagePullPolicy: IfNotPresent
          name: speaker
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all_and_add" (list . (list "NET_RAW")) | nindent 10 }}
          ports:
            - containerPort: 7946
              name: memberlist-tcp
            - containerPort: 7946
              name: memberlist-udp
              protocol: UDP
          livenessProbe:
            httpGet:
              path: /metrics
              host: 127.0.0.1
              port: 7472
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /metrics
              host: 127.0.0.1
              port: 7472
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 14 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
              {{- include "speaker_resources" . | nindent 14 }}
{{- end }}
        - name: kube-rbac-proxy
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 10 }}
          image: {{ include "helm_lib_module_common_image" (list $ "kubeRbacProxy") }}
          args:
            - "--secure-listen-address=$(KUBE_RBAC_PROXY_LISTEN_ADDRESS):7473"
            - "--v=2"
            - "--logtostderr=true"
            - "--stale-cache-interval=1h30m"
          ports:
            - containerPort: 7473
              name: https-metrics
          env:
            - name: KUBE_RBAC_PROXY_LISTEN_ADDRESS
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBE_RBAC_PROXY_CONFIG
              value: |
                upstreams:
                - upstream: http://127.0.0.1:7472/metrics
                  path: /metrics
                  authorization:
                    resourceAttributes:
                      namespace: d8-{{ .Chart.Name }}
                      apiGroup: apps
                      apiVersion: v1
                      resource: daemonsets
                      subresource: prometheus-metrics
                      name: speaker
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 14 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
              {{- include "helm_lib_container_kube_rbac_proxy_resources" . | nindent 14 }}
{{- end }}
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      serviceAccountName: speaker
      terminationGracePeriodSeconds: 0
